Crypto payment gateway CoinsPaid has experienced its second security breach in six months. Web3 security firm Cyvers reported detecting unauthorized transactions of nearly $7.5 million.
Cyvers’ artificial intelligence system detected multiple irregular transactions on Jan. 6, allowing the withdrawal of $6.1 million worth of digital assets in Tether (USDT), Ether (ETH), USD Coin (USDC) and CoinsPaid’s native token CPD.
According to Cyver’s team on X (formerly Twitter), the attacker swapped around 97 million CPD tokens for ETH worth approximately $368,000 before moving the funds to externally owned accounts (EOAs) and crypto exchanges MEXC, WhiteBit and ChangeNOW. CoinGecko’s data shows CPD trading at $0.0006 at the time of writing, down 39.5% in 24 hours.
Following further analysis, Cyver identified unauthorized transactions involving BNB (BNB) worth more than $1 million, bringing the total amount stolen close to $7.5 million.
CoinsPaid is an Estonian payment processor for digital assets and claims to have processed over 19 billion euros in crypto transactions. The company has not yet commented on the attack.
The platform suffered another security breach in July 2023, with over $37 million stolen. According to CoinsPaid, hackers used a fake job interview to trick one of its employees. The worker allegedly responded to a job offer and downloaded a malicious code, allowing the bad actors to steal information and provide them with access to CoinsPaid’s infrastructure.
In a post-mortem report of the hack, CoinsPaid blamed the North Korean state-backed Lazarus Group for the incident, noting that the group had attempted to infiltrate the platform several times since March 2023 but switched to “highly sophisticated and vigorous social engineering techniques” after multiple failures — targeting employees rather than the company itself.
The Lazarus Group is believed to be behind several crypto hacks in 2023. Blockchain intelligence firm TRM Labs reported the group stole at least $600 million in crypto last year.
Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks